From 27574d1b79477f09778aa2d83040d703652994fa Mon Sep 17 00:00:00 2001
From: Artiom Diomin <artiom@kubermatic.com>
Date: Thu, 12 Dec 2024 18:05:45 +0200
Subject: [PATCH] Use dedicated keyring for docker packages

Signed-off-by: Artiom Diomin <artiom@kubermatic.com>
---
 pkg/scripts/render.go                                    | 9 ++++++---
 .../testdata/TestKubeadmDebian-cilium_cluster.golden     | 9 ++++++---
 .../testdata/TestKubeadmDebian-nutanix_cluster.golden    | 9 ++++++---
 .../testdata/TestKubeadmDebian-with_containerd.golden    | 9 ++++++---
 ...mDebian-with_containerd_with_insecure_registry.golden | 9 ++++++---
 .../testdata/TestUpgradeKubeadmAndCNIDebian.golden       | 9 ++++++---
 .../testdata/TestUpgradeKubeletAndKubectlDebian.golden   | 9 ++++++---
 7 files changed, 42 insertions(+), 21 deletions(-)

diff --git a/pkg/scripts/render.go b/pkg/scripts/render.go
index 8d1741e59..b6c87e60b 100644
--- a/pkg/scripts/render.go
+++ b/pkg/scripts/render.go
@@ -54,9 +54,12 @@ var containerRuntimeTemplates = map[string]string{
 			{{ if .CONFIGURE_REPOSITORIES }}
 			sudo apt-get update
 			sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-			curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-				sudo apt-key add -
-			sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+			sudo install -m 0755 -d /etc/apt/keyrings
+			curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+			sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+			echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+			sudo apt-get update
 			{{ end }}
 
 			sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-cilium_cluster.golden b/pkg/scripts/testdata/TestKubeadmDebian-cilium_cluster.golden
index d9a35ad79..8a122c953 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-cilium_cluster.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-cilium_cluster.golden
@@ -78,9 +78,12 @@ kube_ver="1.30.0-*"
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-nutanix_cluster.golden b/pkg/scripts/testdata/TestKubeadmDebian-nutanix_cluster.golden
index ef69e20c9..878ab781c 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-nutanix_cluster.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-nutanix_cluster.golden
@@ -81,9 +81,12 @@ kube_ver="1.30.0-*"
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
index d9a35ad79..8a122c953 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
@@ -78,9 +78,12 @@ kube_ver="1.30.0-*"
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
index 65fab084d..4ab86d39b 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
@@ -78,9 +78,12 @@ kube_ver="1.30.0-*"
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
index c85a993fd..23463d365 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
@@ -79,9 +79,12 @@ sudo apt-mark unhold kubelet kubeadm kubectl kubernetes-cni cri-tools
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
index 7db9282ab..b010e25ae 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
@@ -79,9 +79,12 @@ sudo apt-mark unhold kubelet kubeadm kubectl kubernetes-cni cri-tools
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true